syzbot

general protection fault in assoc_array_apply_edit

Status: fixed on 2018/01/31 00:24
Fix commit: 67bcc5e530d5 assoc_array: Fix a buggy node-splitting case
First crash: 2586d, last: 2586d

Sample crash report:
kasan: CONFIG_KASAN_INLINE enabled
kasan: GPF could be caused by NULL-ptr deref or user memory access
general protection fault: 0000 [#1] PREEMPT SMP KASAN
Dumping ftrace buffer:
   (ftrace buffer empty)
Modules linked in:
CPU: 0 PID: 10425 Comm: syz-executor1 Not tainted 4.9.58-g27155df #71
netlink: 16 bytes leftover after parsing attributes in process `syz-executor7'.
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
task: ffff8801cd36e000 task.stack: ffff8801d9b50000
RIP: 0010:[<ffffffff81df2bbe>]  [<ffffffff81df2bbe>] assoc_array_apply_edit+0x21e/0x610 lib/assoc_array.c:1403
RSP: 0018:ffff8801d9b57c48  EFLAGS: 00010202
RAX: dffffc0000000000 RBX: 0000000000000010 RCX: ffffc900013b2000
RDX: 0000000000000002 RSI: ffff8801b8fec900 RDI: ffff8801c7913c88
netlink: 16 bytes leftover after parsing attributes in process `syz-executor7'.
RBP: ffff8801d9b57c80 R08: ffffed003b36af1c R09: 0000000000000000
R10: 0000000000000000 R11: ffffed003b36af1c R12: ffff8801c7913b80
R13: ffff8801c9739201 R14: ffff8801c7913c68 R15: 0000000000000000
FS:  00007fcfe6500700(0000) GS:ffff8801db200000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f4487463db8 CR3: 00000001b9080000 CR4: 00000000001406f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Stack:
 ffff8801d9b57e50 ffffed0038f2278d ffff8801d9b57d70 ffff8801b8fec900
 ffff8801d9b57e50 ffffffff84609960 ffff8801d9b57db0 ffff8801d9b57ca0
 ffffffff81bb6b57 1ffff1003b36afa2 ffff8801b8fec900 ffff8801d9b57e78
Call Trace:
 [<ffffffff81bb6b57>] __key_link+0x97/0xf0 security/keys/keyring.c:1188
 [<ffffffff81bc0238>] construct_alloc_key security/keys/request_key.c:380 [inline]
 [<ffffffff81bc0238>] construct_key_and_link security/keys/request_key.c:452 [inline]
 [<ffffffff81bc0238>] request_key_and_link+0x998/0xb00 security/keys/request_key.c:566
 [<ffffffff81bb78c2>] SYSC_request_key security/keys/keyctl.c:213 [inline]
 [<ffffffff81bb78c2>] SyS_request_key+0x192/0x2d0 security/keys/keyctl.c:158
 [<ffffffff838aa0c5>] entry_SYSCALL_64_fastpath+0x23/0xc6
Code: df 48 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 63 03 00 00 48 89 da 4d 8b ac 24 08 01 00 00 48 b8 00 00 00 00 00 fc ff df 48 c1 ea 03 <80> 3c 02 00 0f 85 33 03 00 00 4c 89 2b e8 40 74 57 ff 49 8d bc 
RIP  [<ffffffff81df2bbe>] assoc_array_apply_edit+0x21e/0x610 lib/assoc_array.c:1403
 RSP <ffff8801d9b57c48>
---[ end trace 3297ccde193c0ba7 ]---
Kernel panic - not syncing: Fatal exception
Dumping ftrace buffer:
   (ftrace buffer empty)
Kernel Offset: disabled
Rebooting in 86400 seconds..

Crashes (1):
Time: 2017/10/23 20:20
Kernel: https://android.googlesource.com/kernel/common android-4.9
Commit: 27155df9e4e6
Syzkaller: 9bf63a7b
Config: .config
Log: console log
Report: report
Syz repro: none
C repro: none
Manager: ci-android-49-kasan-gce